1 2010-09-17T00:23:48  *** RogerHaase has left #moin-dev
   2 2010-09-17T00:41:26  *** xjjk has quit IRC
   3 2010-09-17T00:41:33  *** xjjk has joined #moin-dev
   4 2010-09-17T02:14:38  <CIA-36> Thomas Waldmann <tw AT waldmann-edv DOT de> default * 9969:6c8655ff3356 2.0-dev/MoinMoin/ (_tests/test_user.py user.py): remove some remainders of user name2id cache (which is already gone)
   5 2010-09-17T08:27:32  <ThomasWaldmann> moin
   6 2010-09-17T08:28:30  <ThomasWaldmann> btw, I think I'll replace MoinMoin.caching with stuff from werkzeug.contrib.cache soon
   7 2010-09-17T08:28:52  <ThomasWaldmann> (in moin2)
   8 2010-09-17T08:32:26  <ThomasWaldmann> it is currently not much used, only sendcache, saving of drawings (collecting members of the tar file), sistersites, search indexer queue
   9 2010-09-17T08:35:22  <ThomasWaldmann> (and the way it is used by drawings is a bit dirty anyway, it accesses caching internals)
  10 2010-09-17T08:38:40  <ThomasWaldmann> drawings stuff and indexer queue is an abuse of caching btw because it stores data there that can't be computed again if the cache goes away
  11 2010-09-17T12:11:22  *** bossekr has joined #moin-dev
   12 2010-09-17T12:11:58  <bossekr> hi folks; yes, I'm looking for a problem with PdfAction plugin and MoinMoin 1.9.3 version (hg tip)
  13 2010-09-17T12:12:07  <bossekr> what does http://hg.moinmo.in/moin/1.9/file/7a83cc907f68/MoinMoin/action/AttachFile.py#l122 mean ?
  14 2010-09-17T12:52:36  <ThomasWaldmann> moin raphael
  15 2010-09-17T12:52:47  <bossekr> hi
  16 2010-09-17T12:53:32  <bossekr> try to catch an issue with PdfAction and htmldoc (trying to get attachments/pictures from ACL protected pages)
  17 2010-09-17T12:53:35  <ThomasWaldmann> the tickets are mostly used for csrf protection
  18 2010-09-17T12:54:23  <bossekr> CSRF attacks ?
  19 2010-09-17T12:55:08  <ThomasWaldmann> yes
   20 2010-09-17T12:56:14  <ThomasWaldmann> you can do evil stuff with csrf, esp. if you manage to trick a high privileged user into it somehow
   21 2010-09-17T12:56:48  <bossekr> ok, in my development environment I get 403 error messages in the log accessing the attachments/pictures for an ACL protected page
  22 2010-09-17T12:57:13  <ThomasWaldmann> that could be due to acls
  23 2010-09-17T12:57:28  <bossekr> what about authentication by cookies ? htmldoc is able to support cookies ?
  24 2010-09-17T12:57:38  <ThomasWaldmann> about tickets: are you doing anything else than do=get for attachments?
   25 2010-09-17T12:58:11  <bossekr> no, get is enough: http://localhost:8080/RaphaelBossek?action=AttachFile&do=get&target=raphaelbossek.jpg
  26 2010-09-17T12:58:25  <ThomasWaldmann> ok, then it doesn't use a ticket
  27 2010-09-17T12:58:32  <ThomasWaldmann> (nor expect one)
   28 2010-09-17T12:58:46  <bossekr> it's the default content of a HTML pages (by print formatter)
  29 2010-09-17T12:58:51  <ThomasWaldmann> so you have an acl problem, you can only avoid that by authenticating and keeping the session
  30 2010-09-17T12:59:56  <bossekr> I'm using MOIN_ID=<self.request.user.id> as cookie for htmldoc since the beginning
   31 2010-09-17T13:00:44  <bossekr> but that is not enough anymore and I'm searching for the ACL check routine in MoinMoin right now
  32 2010-09-17T13:05:15  <bossekr> Thomas, where can I find the source file which check the ACL and throws 403 ?
  33 2010-09-17T13:08:52  <ThomasWaldmann> ehrm, check the session cookie name
   34 2010-09-17T13:09:06  <ThomasWaldmann> since 1.9 and wsgi, it's differently made and named
  35 2010-09-17T13:10:09  <bossekr> e.g. MOIN_SESSION=znt4g5hfnl_f0fczckkk27aleyil1vnr ?
  36 2010-09-17T13:12:39  <bossekr> hmm, it seems to be that I need the MOIN_SESSION_8080_ROOT cookie...
  37 2010-09-17T13:16:30  <bossekr> >> http://hg.moinmo.in/moin/1.9/file/7a83cc907f68/MoinMoin/web/session.py#l248
  38 2010-09-17T13:17:12  <ThomasWaldmann> yes, that's the right one
  39 2010-09-17T13:18:03  <bossekr> I've now to find out what the cookie name is for the running session and set it for htmldoc, I think ?
  40 2010-09-17T13:18:39  <ThomasWaldmann> you can just call that function to find the cookie name
  41 2010-09-17T13:19:07  <bossekr> are you sure? why not http://hg.moinmo.in/moin/1.9/file/7a83cc907f68/MoinMoin/web/session.py#l299 ?
  42 2010-09-17T13:19:22  <ThomasWaldmann> (putting some stuff into the cookie name works around bloody stupid limitation of cookie standard btw)
  43 2010-09-17T13:20:14  <ThomasWaldmann> yes, call it that way
  44 2010-09-17T13:21:08  <ThomasWaldmann> if you don't want to make it too complicated, just assume usage='SESSION' I don't think that'll ever change in moin 1.9.x
   45 2010-09-17T13:21:23  * bossekr copy&paste code in the hope it will never change
  46 2010-09-17T13:22:42  <ThomasWaldmann> ok, gtg soon
  47 2010-09-17T13:23:26  <ThomasWaldmann> bossekr: if you have time, have a look at moin2 :) it's quite different (and better), just a bit pre-alpha still :)
  48 2010-09-17T13:27:43  <bossekr> I would like to integrate the PDF exporter as out-of-the-box component to moin2, maybe with http://www.jagpdf.org/
  49 2010-09-17T13:28:01  <bossekr> do you know if there is any progress to get PDF printer be integrated?
  50 2010-09-17T13:28:59  *** bossekr is now known as RaphaelBossek
  51 2010-09-17T13:29:33  * RaphaelBossek never dreamed ActionPdf will be used by so many MoinMoin installations
  52 2010-09-17T13:30:46  * ThomasWaldmann has to run, sorry, will be back in the late afternoon / evening
  53 2010-09-17T14:23:44  *** lotek has joined #moin-dev
  54 2010-09-17T14:23:51  <lotek> moin
  55 2010-09-17T14:24:33  <RaphaelBossek> hi
   56 2010-09-17T14:25:24  <lotek> had some error message with my apache2, mod_wsgi and moin. think it's not moin problem, but if somebody can have a look at the error message it would be nice
  57 2010-09-17T14:25:29  <lotek> here the link: http://moinmo.in/MarcelH%C3%A4fner/The%20Bugs#Maybe_Bugs
   58 2010-09-17T14:26:53  <RaphaelBossek> sorry, no idea
  59 2010-09-17T14:29:01  <lotek> RaphaelBossek: no problem... just want to be sure it's not a misconfig from my installation
   60 2010-09-17T14:32:41  <xorAxAx> lotek: that's a question for #moin
  61 2010-09-17T14:54:08  *** RaphaelBossek has quit IRC
  62 2010-09-17T15:53:42  <lotek> xorAxAx: ok, next time :-)
  63 2010-09-17T17:59:16  *** lotek has quit IRC
  64 2010-09-17T18:22:33  <ThomasWaldmann> re
  65 2010-09-17T18:36:05  <ThomasWaldmann> bbl
  66 2010-09-17T18:41:08  <dreimark> re
  67 2010-09-17T20:37:02  <ThomasWaldmann> dreimark: TheSheep: valeuf: please prepare for a shell.moinmo.in reboot
  68 2010-09-17T20:42:09  <dreimark> ok
  69 2010-09-17T21:44:17  *** moinBot has joined #moin-dev
  70 2010-09-17T22:39:57  *** RogerHaase has joined #moin-dev

MoinMoin: MoinMoinChat/Logs/moin-dev/2010-09-17 (last edited 2010-09-16 22:45:03 by IrcLogImporter)